package com.ibm.ws.ssl.config;

import com.ibm.etools.wdt.server.core.WDTConstants;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.SSLConfig;
import com.ibm.websphere.ssl.SSLConfigChangeEvent;
import com.ibm.websphere.ssl.SSLConfigChangeListener;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.internal.LibertyConstants;
import com.ibm.ws.ssl.internal.TraceConstants;
import com.ibm.ws.ssl.provider.AbstractJSSEProvider;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.ssl_1.0.3.jar:com/ibm/ws/ssl/config/SSLConfigManager.class */
public class SSLConfigManager {
    // Trace/logging handle for this class, registered with the name "SSL" and the bundle from TraceConstants.
    private static final TraceComponent tc = Tr.register((Class<?>) SSLConfigManager.class, "SSL", TraceConstants.MESSAGE_BUNDLE);
    // Set to true by initializeServerSSL(); false until then. Not read in the portion of the class shown here.
    private boolean isServerProcess;
    // Global (not alias-specific) SSL settings; cleared and refilled by loadGlobalProperties().
    private final Properties globalConfigProperties;
    // Alias -> SSL configuration. Plain HashMap: the methods shown here touch it only while synchronized.
    private final Map<String, SSLConfig> sslConfigMap;
    // Alias -> listeners to notify when that alias's configuration changes or is deleted.
    private final Map<String, List<SSLConfigChangeListener>> sslConfigListenerMap;
    // Listener -> the event object that is updated and handed to that listener on notification.
    private final Map<SSLConfigChangeListener, SSLConfigChangeEvent> sslConfigListenerEventMap;

    /* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.ssl_1.0.3.jar:com/ibm/ws/ssl/config/SSLConfigManager$Singleton.class */
    /**
     * Holder for the one {@link SSLConfigManager} instance. The JVM initializes this nested class
     * (and therefore constructs the manager) the first time {@code INSTANCE} is read, which is
     * what makes {@link #getInstance()} lazy without explicit locking.
     */
    private static class Singleton {
        // Never instantiated; the class exists only to own INSTANCE.
        private Singleton() {
        }

        static final SSLConfigManager INSTANCE = new SSLConfigManager();
    }

    /**
     * Creates the manager with empty global properties, no SSL configurations and no listeners.
     * Private: instances are obtained through {@link #getInstance()} only.
     */
    private SSLConfigManager() {
        isServerProcess = false;
        globalConfigProperties = new Properties();
        sslConfigMap = new HashMap<String, SSLConfig>();
        sslConfigListenerMap = new HashMap<String, List<SSLConfigChangeListener>>();
        sslConfigListenerEventMap = new HashMap<SSLConfigChangeListener, SSLConfigChangeEvent>();
        // Result is discarded: the call is made for its side effect only
        // (presumably it initializes the JSSE provider factory early; confirm in JSSEProviderFactory).
        JSSEProviderFactory.getInstance();
    }

    /**
     * Returns the process-wide manager, creating it on the first call.
     *
     * @return the single {@code SSLConfigManager} instance
     */
    public static SSLConfigManager getInstance() {
        final SSLConfigManager manager = Singleton.INSTANCE;
        return manager;
    }

    /**
     * Builds, or on a reload rebuilds, the server's SSL configuration.
     *
     * <p>Order of work: optionally clear the cached SSL contexts, replace the global properties,
     * load the keystores, parse and store one {@link SSLConfig} per alias, then install the default
     * SSL context and apply the URL hostname-verification setting.
     *
     * <p>On a reload ({@code z == true}) each alias is compared with the stored configuration:
     * new aliases are added, changed ones are replaced and their listeners notified with
     * {@code CONFIG_STATE_CHANGED}, and aliases that existed before but were not accepted in this
     * pass are removed and their listeners notified with {@code CONFIG_STATE_DELETED}.
     *
     * @param map global SSL properties, passed to {@link #loadGlobalProperties(Map)}
     * @param map2 per-alias SSL settings, keyed by alias
     * @param map3 keystore definitions handed to the KeyStoreManager
     * @param z {@code true} when re-initializing an already initialized configuration
     * @throws SSLException if clearing the SSL context cache fails
     */
    public synchronized void initializeServerSSL(Map<String, String> map, Map<String, Map<String, String>> map2, Map<String, WSKeyStore> map3, boolean z) throws SSLException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeServerSSL", new Object[0]);
        }
        if (z) {
            // Reload: drop cached SSL contexts so they are rebuilt from the new settings.
            // NOTE(review): in this decompiled listing the try block covers only the cache clear, yet
            // several calls further down declare `throws Exception`; the original try scope was
            // probably wider. Confirm against the real source before relying on the error handling.
            try {
                AbstractJSSEProvider.clearSSLContextCache();
            } catch (Exception e) {
                FFDCFilter.processException(e, getClass().getName(), "initializeServerSSL", this);
                throw new SSLException(e);
            }
        }
        this.isServerProcess = true;
        loadGlobalProperties(map);
        KeyStoreManager.getInstance().loadKeyStores(map3);
        // Reload bookkeeping: strArr is a snapshot of the aliases that existed before this pass,
        // hashSet collects the aliases accepted during it.
        String[] strArr = null;
        HashSet hashSet = null;
        if (z) {
            hashSet = new HashSet();
            Set<String> keySet = this.sslConfigMap.keySet();
            strArr = (String[]) keySet.toArray(new String[keySet.size()]);
        }
        for (Map.Entry<String, Map<String, String>> entry : map2.entrySet()) {
            String key = entry.getKey();
            SSLConfig parseSSLConfig = parseSSLConfig(entry, z);
            // A configuration that lacks required properties is skipped without any message here.
            // On a reload its alias is then absent from hashSet, so a previously working alias is
            // removed below and reported to listeners as deleted.
            if (parseSSLConfig != null && parseSSLConfig.requiredPropertiesArePresent()) {
                parseSSLConfig.setProperty(Constants.SSLPROP_ALIAS, key);
                // From here on the object holds decoded passwords; addSSLConfigToMap() writes its
                // toString() to debug trace.
                // NOTE(review): confirm SSLConfig.toString() masks password properties.
                parseSSLConfig.decodePasswords();
                if (z) {
                    hashSet.add(key);
                    SSLConfig sSLConfig = this.sslConfigMap.get(key);
                    if (sSLConfig == null) {
                        addSSLConfigToMap(key, parseSSLConfig);
                    } else if (!sSLConfig.equals(parseSSLConfig)) {
                        // Replace first, then notify, so listeners are handed the new configuration.
                        removeSSLConfigFromMap(key, sSLConfig);
                        addSSLConfigToMap(key, parseSSLConfig);
                        notifySSLConfigChangeListener(key, Constants.CONFIG_STATE_CHANGED);
                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "New SSL config equals old SSL config for alias: " + key, new Object[0]);
                    }
                } else {
                    addSSLConfigToMap(key, parseSSLConfig);
                }
            }
        }
        if (z) {
            // Remove every alias that existed before the reload but was not accepted in this pass.
            for (String str : strArr) {
                SSLConfig sSLConfig2 = this.sslConfigMap.get(str);
                if (!hashSet.contains(str)) {
                    // The entry is removed before the notification, so the listener's lookup of
                    // this alias in sslConfigMap finds nothing.
                    removeSSLConfigFromMap(str, sSLConfig2);
                    notifySSLConfigChangeListener(str, Constants.CONFIG_STATE_DELETED);
                }
            }
        }
        setDefaultSSLContext();
        // May install a JVM-wide accept-all hostname verifier; see checkURLHostNameVerificationProperty().
        checkURLHostNameVerificationProperty(z);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Total Number of SSLConfigs: " + this.sslConfigMap.size(), new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeServerSSL");
        }
    }

    /**
     * Installs the server's default SSL context from the default SSL configuration.
     * When no default configuration resolves (see {@link #getDefaultSSLConfig()}), nothing is
     * installed and no message is issued.
     *
     * @throws Exception if the JSSE provider fails to set the default context
     */
    public synchronized void setDefaultSSLContext() throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "setDefaultSSLContext", new Object[0]);
        }

        final SSLConfig serverDefault = getDefaultSSLConfig();
        final boolean haveDefault = serverDefault != null;
        if (haveDefault) {
            // getInstance(null): no provider name is passed, so the factory picks the provider.
            JSSEProviderFactory.getInstance(null).setServerDefaultSSLContext(serverDefault);
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "setDefaultSSLContext");
        }
    }

    /**
     * Reads a JVM system property inside a privileged block, so the read is checked against this
     * class's permissions rather than those of the calling code.
     *
     * <p>Security note: the key is whatever the caller passes. The public
     * {@code getGlobalProperty} methods forward their argument here unchanged, so under a
     * SecurityManager any code able to reach the manager can read system properties it could not
     * read directly. NOTE(review): consider restricting the keys accepted on that path.
     *
     * @param str name of the system property
     * @return the property value, or {@code null} if it is not set
     */
    private String getSystemProperty(final String str) {
        final PrivilegedAction<String> readProperty = new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty(str);
            }
        };
        return AccessController.doPrivileged(readProperty);
    }

    /**
     * Parses the settings of one alias into an {@link SSLConfig}. Thin tracing wrapper around
     * {@link #parseSecureSocketLayer(Map, boolean)}.
     *
     * @param entry alias (key) and its raw settings (value)
     * @param z reload flag, passed through unchanged
     * @return the parsed configuration
     * @throws Exception if parsing fails
     */
    private SSLConfig parseSSLConfig(Map.Entry<String, Map<String, String>> entry, boolean z) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSSLConfig: " + entry.getKey(), new Object[0]);
        }

        final Map<String, String> settings = entry.getValue();
        final SSLConfig parsed = parseSecureSocketLayer(settings, z);

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSSLConfig");
        }
        return parsed;
    }

    /**
     * Builds an {@link SSLConfig} from JVM system properties and the JSSE factory defaults.
     *
     * <p>Every value is copied as found: only null and empty values are skipped, nothing is
     * validated or normalized here. This differs from {@link #parseSecureSocketLayer(Map, boolean)},
     * which converts the client-authentication settings through {@code Boolean.valueOf}.
     *
     * @return the populated configuration (never {@code null} in this listing)
     * @throws Exception declared by the signature; no checked failure is visible in this body
     */
    private SSLConfig parseDefaultSecureSocketLayer() throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "parseDefaultSecureSocketLayer", new Object[0]);
        }
        SSLConfig sSLConfig = new SSLConfig();
        // Key and trust manager algorithms come from the JSSE provider factory, not from system properties.
        String keyManagerFactoryAlgorithm = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
        if (keyManagerFactoryAlgorithm != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting default KeyManager: " + keyManagerFactoryAlgorithm, new Object[0]);
            }
            sSLConfig.setProperty(Constants.SSLPROP_KEY_MANAGER, keyManagerFactoryAlgorithm);
        }
        String trustManagerFactoryAlgorithm = JSSEProviderFactory.getTrustManagerFactoryAlgorithm();
        if (trustManagerFactoryAlgorithm != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting default TrustManager: " + trustManagerFactoryAlgorithm, new Object[0]);
            }
            sSLConfig.setProperty(Constants.SSLPROP_TRUST_MANAGER, trustManagerFactoryAlgorithm);
        }
        // Protocol is taken verbatim; no minimum protocol version is enforced in this method.
        String systemProperty = getSystemProperty(Constants.SSLPROP_PROTOCOL);
        if (systemProperty != null && !systemProperty.equals("")) {
            sSLConfig.setProperty(Constants.SSLPROP_PROTOCOL, systemProperty);
        }
        String systemProperty2 = getSystemProperty(Constants.SSLPROP_CONTEXT_PROVIDER);
        if (systemProperty2 != null && !systemProperty2.equals("")) {
            // Both the IBMJSSE and the IBMJSSEFIPS provider names are rewritten to IBMJSSE2.
            // NOTE(review): a request for the FIPS provider name is changed silently here;
            // confirm that FIPS mode is enforced by some other setting.
            if (systemProperty2.equalsIgnoreCase(Constants.IBMJSSE_NAME) || systemProperty2.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME)) {
                systemProperty2 = Constants.IBMJSSE2_NAME;
            }
            sSLConfig.setProperty(Constants.SSLPROP_CONTEXT_PROVIDER, systemProperty2);
        }
        // Client-authentication "required"/"supported" flags are stored exactly as typed.
        // NOTE(review): how a value other than "true"/"false" is interpreted depends on the consumer.
        String systemProperty3 = getSystemProperty("com.ibm.CSI.performTLClientAuthenticationRequired");
        if (systemProperty3 != null && !systemProperty3.equals("")) {
            sSLConfig.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION, systemProperty3);
        }
        String systemProperty4 = getSystemProperty("com.ibm.CSI.performTLClientAuthenticationSupported");
        if (systemProperty4 != null && !systemProperty4.equals("")) {
            sSLConfig.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, systemProperty4);
        }
        String systemProperty5 = getSystemProperty(Constants.SSLPROP_SECURITY_LEVEL);
        if (systemProperty5 != null && !systemProperty5.equals("")) {
            sSLConfig.setProperty(Constants.SSLPROP_SECURITY_LEVEL, systemProperty5);
        }
        String systemProperty6 = getSystemProperty(Constants.SSLPROP_KEY_STORE_CLIENT_ALIAS);
        if (systemProperty6 != null && !systemProperty6.equals("")) {
            sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_CLIENT_ALIAS, systemProperty6);
        }
        String systemProperty7 = getSystemProperty(Constants.SSLPROP_KEY_STORE_SERVER_ALIAS);
        if (systemProperty7 != null && 0 < systemProperty7.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_SERVER_ALIAS, systemProperty7);
        }
        // The cipher list is stored as one raw string; it is not checked against supported suites here.
        String systemProperty8 = getSystemProperty(Constants.SSLPROP_ENABLED_CIPHERS);
        if (systemProperty8 != null && 0 < systemProperty8.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_ENABLED_CIPHERS, systemProperty8);
        }
        // Whole configuration goes to debug trace.
        // NOTE(review): confirm SSLConfig.toString() masks any secret-bearing properties.
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Saving SSLConfig." + sSLConfig.toString(), new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "parseDefaultSecureSocketLayer");
        }
        return sSLConfig;
    }

    /**
     * Builds an {@link SSLConfig} for one alias from its raw settings.
     *
     * <p>Keystore and truststore properties are copied in first; the explicit settings are applied
     * afterwards, so on a key collision the explicit setting replaces the copied value.
     *
     * @param map raw settings of the alias (keystore/truststore references, protocol, ciphers, ...)
     * @param z reload flag; not used in this body
     * @return the populated configuration (never {@code null} in this listing)
     * @throws Exception declared by the signature; no checked failure is visible in this body
     */
    private SSLConfig parseSecureSocketLayer(Map<String, String> map, boolean z) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSecureSocketLayer", new Object[0]);
        }
        SSLConfig sSLConfig = new SSLConfig();
        WSKeyStore wSKeyStore = null;
        String str = map.get(LibertyConstants.KEY_KEYSTORE_REF);
        if (null != str) {
            wSKeyStore = KeyStoreManager.getInstance().getKeyStore(str);
        }
        // A keystore reference that does not resolve is skipped without a message here; whether
        // the result is rejected depends on the caller's requiredPropertiesArePresent() check.
        if (wSKeyStore != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding keystore properties from KeyStore object.", new Object[0]);
            }
            sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_NAME, str);
            addSSLPropertiesFromKeyStore(wSKeyStore, sSLConfig);
        }
        String str2 = map.get(LibertyConstants.KEY_TRUSTSTORE_REF);
        WSKeyStore wSKeyStore2 = null;
        if (null != str2) {
            wSKeyStore2 = KeyStoreManager.getInstance().getKeyStore(str2);
        }
        // Same for the truststore: an unresolved reference leaves the truststore properties unset.
        if (wSKeyStore2 != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding truststore properties from KeyStore object.", new Object[0]);
            }
            sSLConfig.setProperty(Constants.SSLPROP_TRUST_STORE_NAME, str2);
            addSSLPropertiesFromTrustStore(wSKeyStore2, sSLConfig);
        }
        String keyManagerFactoryAlgorithm = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
        if (keyManagerFactoryAlgorithm != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting default KeyManager: " + keyManagerFactoryAlgorithm, new Object[0]);
            }
            sSLConfig.setProperty(Constants.SSLPROP_KEY_MANAGER, keyManagerFactoryAlgorithm);
        }
        String trustManagerFactoryAlgorithm = JSSEProviderFactory.getTrustManagerFactoryAlgorithm();
        if (trustManagerFactoryAlgorithm != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting default TrustManager: " + trustManagerFactoryAlgorithm, new Object[0]);
            }
            sSLConfig.setProperty(Constants.SSLPROP_TRUST_MANAGER, trustManagerFactoryAlgorithm);
        }
        // Protocol is taken verbatim; no minimum protocol version is enforced in this method.
        String str3 = map.get("sslProtocol");
        if (str3 != null && !str3.equals("")) {
            sSLConfig.setProperty(Constants.SSLPROP_PROTOCOL, str3);
        }
        String str4 = map.get("jsseProvider");
        if (str4 != null && !str4.equals("")) {
            // Both the IBMJSSE and the IBMJSSEFIPS provider names are rewritten to IBMJSSE2.
            // NOTE(review): a request for the FIPS provider name is changed silently here;
            // confirm that FIPS mode is enforced by some other setting.
            if (str4.equalsIgnoreCase(Constants.IBMJSSE_NAME) || str4.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME)) {
                str4 = Constants.IBMJSSE2_NAME;
            }
            sSLConfig.setProperty(Constants.SSLPROP_CONTEXT_PROVIDER, str4);
        }
        // Boolean.valueOf() yields true only for "true" (any case). Any other text, for example
        // "yes" or a typo, is stored as "false", which turns client authentication off without
        // a warning.
        String str5 = map.get("clientAuthentication");
        if (null != str5 && 0 < str5.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION, Boolean.valueOf(str5).toString());
        }
        String str6 = map.get("clientAuthenticationSupported");
        if (null != str6 && 0 < str6.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, Boolean.valueOf(str6).toString());
        }
        String str7 = map.get("securityLevel");
        if (null != str7 && 0 < str7.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_SECURITY_LEVEL, str7);
        }
        String str8 = map.get("clientKeyAlias");
        if (null != str8 && 0 < str8.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_CLIENT_ALIAS, str8);
        }
        String str9 = map.get("serverKeyAlias");
        if (null != str9 && 0 < str9.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_SERVER_ALIAS, str9);
        }
        // The cipher list is stored as one raw string; it is not checked against supported suites here.
        String str10 = map.get("enabledCiphers");
        if (null != str10 && 0 < str10.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_ENABLED_CIPHERS, str10);
        }
        String str11 = map.get("dynamicSelectionInfo");
        if (null != str11 && 0 < str11.length()) {
            sSLConfig.setProperty(Constants.SSLPROP_DYNAMIC_SELECTION_INFO, str11);
        }
        // Whole configuration, including the properties copied from the keystores, goes to debug trace.
        // NOTE(review): confirm SSLConfig.toString() masks keystore passwords.
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Saving SSLConfig: " + sSLConfig, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSecureSocketLayer");
        }
        return sSLConfig;
    }

    /**
     * Copies every property of a keystore definition into an SSL configuration under the same key.
     *
     * <p>All properties are copied, without a filter. NOTE(review): if the keystore definition
     * carries its password as a property, the password ends up in the SSL configuration too, and
     * in anything that prints that configuration.
     *
     * @param wSKeyStore keystore definition to read from
     * @param sSLConfig configuration to copy into
     */
    public synchronized void addSSLPropertiesFromKeyStore(WSKeyStore wSKeyStore, SSLConfig sSLConfig) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLPropertiesFromKeyStore", new Object[0]);
        }

        for (Enumeration<?> names = wSKeyStore.propertyNames(); names.hasMoreElements();) {
            final String name = (String) names.nextElement();
            final String value = wSKeyStore.getProperty(name);
            sSLConfig.setProperty(name, value);
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "addSSLPropertiesFromKeyStore");
        }
    }

    /**
     * Copies a keystore definition into an SSL configuration as truststore properties: each
     * property whose name starts with {@code SSLPROP_KEY_STORE} is stored under the matching
     * {@code SSLPROP_TRUST_STORE} name (same suffix). Other properties and null values are skipped.
     *
     * @param wSKeyStore keystore definition that acts as the truststore
     * @param sSLConfig configuration to copy into
     */
    public synchronized void addSSLPropertiesFromTrustStore(WSKeyStore wSKeyStore, SSLConfig sSLConfig) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLPropertiesFromTrustStore", new Object[0]);
        }

        for (Enumeration<?> names = wSKeyStore.propertyNames(); names.hasMoreElements();) {
            final String keyStoreName = (String) names.nextElement();
            final String value = wSKeyStore.getProperty(keyStoreName);
            if (!keyStoreName.startsWith(Constants.SSLPROP_KEY_STORE)) {
                continue;
            }
            // Swap the keystore prefix for the truststore prefix and keep whatever follows it.
            final String trustStoreName;
            if (keyStoreName.length() == Constants.SSLPROP_KEY_STORE.length()) {
                trustStoreName = Constants.SSLPROP_TRUST_STORE;
            } else {
                trustStoreName = Constants.SSLPROP_TRUST_STORE + keyStoreName.substring(Constants.SSLPROP_KEY_STORE.length());
            }
            if (trustStoreName != null && value != null) {
                sSLConfig.setProperty(trustStoreName, value);
            }
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "addSSLPropertiesFromTrustStore");
        }
    }

    /**
     * Returns the aliases of all stored SSL configurations.
     *
     * @return a new array of aliases; empty when nothing is stored
     */
    public synchronized String[] getSSLConfigAliases() {
        final Set<String> aliases = this.sslConfigMap.keySet();
        final String[] snapshot = new String[this.sslConfigMap.size()];
        return aliases.toArray(snapshot);
    }

    /**
     * Looks up an SSL configuration by alias; a null or empty alias selects the default one.
     *
     * <p>The stored object itself is returned, not a copy, and it is also passed to the exit
     * trace. NOTE(review): confirm SSLConfig.toString() masks decoded passwords before enabling
     * entry/exit trace in production.
     *
     * @param str alias, or null/empty for the default configuration
     * @return the configuration, or {@code null} if none matches
     */
    public synchronized SSLConfig getSSLConfig(String str) throws IllegalArgumentException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLConfig: " + str, new Object[0]);
        }

        final SSLConfig found;
        if (str == null || str.equals("")) {
            found = getDefaultSSLConfig();
        } else {
            found = this.sslConfigMap.get(str);
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "getSSLConfig", found);
        }
        return found;
    }

    /**
     * Replaces the global SSL properties with the given map: the old set is cleared first, so
     * keys missing from {@code map} are dropped.
     *
     * <p>With debug trace on, every key and value is written to the trace in clear text.
     * NOTE(review): check that no secret-bearing property is passed through this map.
     *
     * @param map new global properties; a null value causes a NullPointerException in setProperty
     */
    public synchronized void loadGlobalProperties(Map<String, String> map) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "loadGlobalProperties", new Object[0]);
        }

        this.globalConfigProperties.clear();
        for (Map.Entry<String, String> global : map.entrySet()) {
            final String name = global.getKey();
            final String value = global.getValue();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting global property: " + name + WDTConstants.EQUAL_TAG + value, new Object[0]);
            }
            this.globalConfigProperties.setProperty(name, value);
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "loadGlobalProperties");
        }
    }

    /**
     * Decides whether CSIv2-specific settings replace the given SSL properties for a connection.
     *
     * <p>Two cases are handled, chosen from the endpoint name and direction found in {@code map}:
     * inbound connections on the ORB SSL listener or CSIv2 endpoints, and outbound "IIOP"
     * connections. In both, the configuration named by the matching global CSI alias property is
     * used when it resolves, otherwise the caller's {@code properties}; the result is always a
     * clone, so the stored configuration and the caller's object are left unmodified. For the
     * inbound case the client-authentication flags are then overridden from the global properties.
     *
     * @param properties SSL properties selected so far; returned unchanged when no case applies
     * @param map connection information; may be {@code null}
     * @return a cloned, possibly adjusted property set, or {@code properties} itself
     * @throws SSLException declared by the signature; not thrown directly in this body
     */
    public synchronized Properties determineIfCSIv2SettingsApply(Properties properties, Map<String, Object> map) throws SSLException {
        Properties properties2;
        Properties properties3;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "determineIfCSIv2SettingsApply", map);
        }
        Properties properties4 = null;
        if (map != null) {
            String str = (String) map.get("com.ibm.ssl.endPointName");
            String str2 = (String) map.get("com.ibm.ssl.direction");
            // Inbound case: ORB SSL listener or one of the CSIv2 endpoints.
            if (str != null && ((str.equals(Constants.ENDPOINT_ORB_SSL_LISTENER_ADDRESS) || str.equals(Constants.ENDPOINT_CSIV2_SERVERAUTH) || str.equals(Constants.ENDPOINT_CSIV2_MUTUALAUTH)) && str2 != null && str2.equals("inbound"))) {
                String property = this.globalConfigProperties.getProperty("com.ibm.ssl.csi.inbound.alias");
                if (property != null && property.length() > 0) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting inbound SSL config with alias: " + property, new Object[0]);
                    }
                    properties4 = getProperties(property);
                }
                if (properties4 != null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning CSIv2 alias reference configuration.", new Object[0]);
                    }
                    properties3 = (Properties) properties4.clone();
                } else {
                    // The alias is unset or does not resolve: fall back to the caller's properties.
                    // A configured but unknown alias is not reported here.
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning JSSEHelper configuration.", new Object[0]);
                    }
                    properties3 = (Properties) properties.clone();
                }
                if (properties3 != null) {
                    // The global CSI "claim" properties override the client-authentication flags
                    // of the selected configuration. Values are copied as found, unvalidated.
                    String property2 = this.globalConfigProperties.getProperty("com.ibm.CSI.claimTLClientAuthenticationSupported");
                    String property3 = this.globalConfigProperties.getProperty("com.ibm.CSI.claimTLClientAuthenticationRequired");
                    if (property2 != null) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting client auth supported: " + property2, new Object[0]);
                        }
                        properties3.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, property2);
                    }
                    if (property3 != null) {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting client auth required: " + property3, new Object[0]);
                        }
                        properties3.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION, property3);
                    }
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                        Tr.exit(tc, "determineIfCSIv2SettingsApply (settings applied)");
                    }
                    return properties3;
                }
            // Outbound case: IIOP client connections. No client-authentication override is applied.
            } else if ("IIOP".equals(str) && "outbound".equals(str2)) {
                String property4 = this.globalConfigProperties.getProperty("com.ibm.ssl.csi.outbound.alias");
                if (property4 != null && property4.length() > 0) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting outbound SSL config with alias: " + property4, new Object[0]);
                    }
                    properties4 = getProperties(property4);
                }
                if (properties4 != null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning CSIv2 alias reference configuration.", new Object[0]);
                    }
                    properties2 = (Properties) properties4.clone();
                } else {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning JSSEHelper configuration.", new Object[0]);
                    }
                    properties2 = (Properties) properties.clone();
                }
                if (properties2 != null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                        Tr.exit(tc, "determineIfCSIv2SettingsApply (settings applied)");
                    }
                    return properties2;
                }
            }
        }
        // Neither case applied: the caller's object is returned as is, not a clone.
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "determineIfCSIv2SettingsApply (original settings)");
        }
        return properties;
    }

    /**
     * Returns the SSL configuration derived from JVM system properties, stored under
     * {@code DEFAULT_SYSTEM_ALIAS}.
     *
     * <p>Unless {@code z} is true, an already stored entry is returned as is, so later changes to
     * the system properties are not picked up. When the entry is rebuilt and differs from the
     * stored one it is replaced; no change listener is notified on this path.
     *
     * @param z {@code true} to re-read the system properties even if an entry is stored
     * @return the configuration, or {@code null} if the system properties do not supply the
     *         required properties
     * @throws Exception if parsing or storing the configuration fails
     */
    public synchronized Properties getDefaultSystemProperties(boolean z) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultSystemProperties", new Object[0]);
        }

        if (!z) {
            final SSLConfig cached = this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS);
            if (cached != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                    Tr.exit(tc, "getDefaultSystemProperties -> already present.");
                }
                return cached;
            }
        }

        final SSLConfig fresh = parseDefaultSecureSocketLayer();
        final boolean usable = fresh != null && fresh.requiredPropertiesArePresent();
        if (!usable) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getDefaultSystemProperties -> null");
            }
            return null;
        }

        fresh.setProperty(Constants.SSLPROP_ALIAS, Constants.DEFAULT_SYSTEM_ALIAS);
        fresh.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, "System Properties");
        // After this call the object holds decoded passwords; addSSLConfigToMap() traces its toString().
        fresh.decodePasswords();

        final SSLConfig previous = this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS);
        if (previous == null) {
            addSSLConfigToMap(Constants.DEFAULT_SYSTEM_ALIAS, fresh);
        } else if (previous.equals(fresh)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "New SSL config equals old SSL config for alias: DefaultSystemProperties", new Object[0]);
            }
        } else {
            removeSSLConfigFromMap(Constants.DEFAULT_SYSTEM_ALIAS, previous);
            addSSLConfigToMap(Constants.DEFAULT_SYSTEM_ALIAS, fresh);
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultSystemProperties -> found valid system properties");
        }
        return fresh;
    }

    /**
     * Returns the SSL configuration named by the global default-alias property.
     *
     * <p>The exit trace says "defaultAlias is null" both when the property is unset and when it
     * names an alias that is not stored, so the trace alone does not distinguish the two.
     *
     * @return the default configuration, or {@code null} if no default alias is set or it does
     *         not match a stored configuration
     */
    public synchronized SSLConfig getDefaultSSLConfig() throws IllegalArgumentException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultSSLConfig", new Object[0]);
        }

        final String defaultAlias = getGlobalProperty(Constants.SSLPROP_DEFAULT_ALIAS);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "defaultAlias: " + defaultAlias, new Object[0]);
        }

        final SSLConfig config = (defaultAlias == null) ? null : this.sslConfigMap.get(defaultAlias);
        if (config == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "defaultAlias is null");
            }
            return null;
        }

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "defaultAlias not null, getDefaultSSLConfig for: " + defaultAlias);
        }
        return config;
    }

    /**
     * Returns the SSL configuration for an alias as a plain {@link Properties} view.
     *
     * <p>This is the stored object, not a copy: a caller that modifies the result modifies the
     * shared configuration. Clone it first if changes are needed.
     *
     * @param str alias, or null/empty for the default configuration
     * @return the stored configuration, or {@code null} if none matches
     */
    public synchronized Properties getProperties(String str) throws IllegalArgumentException {
        final SSLConfig config = getSSLConfig(str);
        return config;
    }

    /**
     * Resolves a global SSL property. A JVM system property of the same name wins; the configured
     * global properties are consulted only when no system property is set.
     *
     * <p>Security notes: the system property is read with this class's privileges for whatever
     * key the caller supplies (see {@code getSystemProperty}), and a non-null result is written
     * to debug trace in clear text. Because of the precedence rule, anyone able to set JVM system
     * properties can override the configured SSL settings.
     *
     * @param str property name
     * @return the value, or {@code null} if neither source defines it
     */
    public synchronized String getGlobalProperty(String str) {
        String resolved = getSystemProperty(str);
        if (resolved == null) {
            if (this.globalConfigProperties != null) {
                resolved = this.globalConfigProperties.getProperty(str);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled() && resolved != null) {
            Tr.debug(tc, "getGlobalProperty -> " + str + WDTConstants.EQUAL_TAG + resolved, new Object[0]);
        }
        return resolved;
    }

    /**
     * Resolves a global SSL property, with a fallback value.
     *
     * <p>The resolved value is written to entry/exit trace in clear text.
     *
     * @param str property name
     * @param str2 value to return when the property is not defined
     * @return the property value, or {@code str2} if it is not defined
     */
    public synchronized String getGlobalProperty(String str, String str2) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getGlobalProperty", str, str2);
        }

        final String configured = getGlobalProperty(str);
        final String effective = (configured != null) ? configured : str2;

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "getGlobalProperty -> " + effective);
        }
        return effective;
    }

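    /**
     * Splits a whitespace-separated cipher suite list into its names.
     *
     * <p>Runs of whitespace (double spaces, line breaks, indentation from a wrapped configuration
     * value) count as one separator, and leading or trailing whitespace is ignored. Splitting on
     * every single whitespace character would put empty strings into the result, and an empty
     * string is never a valid cipher suite name.
     *
     * @param str cipher suite names separated by whitespace; may be {@code null}
     * @return the names in order; an empty array if {@code str} is blank; {@code null} if
     *         {@code str} is {@code null}
     */
    public synchronized String[] parseEnabledCiphers(String str) {
        if (str == null) {
            return null;
        }
        final String trimmed = str.trim();
        if (trimmed.length() == 0) {
            // Nothing but whitespace: no cipher names at all.
            return new String[0];
        }
        return trimmed.split("\\s+");
    }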

    /**
     * Narrows a list of supported cipher suites to a security level. Delegates to
     * {@code Constants.adjustSupportedCiphersToSecurityLevel}; the selection rules live there.
     *
     * @param strArr supported cipher suite names
     * @param str security level name
     * @return whatever the delegate returns for these arguments
     */
    public synchronized String[] adjustSupportedCiphersToSecurityLevel(String[] strArr, String str) {
        final String[] adjusted = Constants.adjustSupportedCiphersToSecurityLevel(strArr, str);
        return adjusted;
    }

    /**
     * Joins cipher suite names into one space-separated string.
     *
     * @param strArr cipher suite names; may be {@code null}
     * @return the joined names, or the four-character text {@code "null"} when the array is
     *         {@code null} or empty
     */
    public synchronized String convertCipherListToString(String[] strArr) {
        if (strArr != null && strArr.length != 0) {
            final StringBuilder joined = new StringBuilder();
            for (int i = 0; i < strArr.length; i++) {
                // A separator is added only once something has been written, so an empty first
                // element does not produce a leading space.
                if (joined.length() > 0) {
                    joined.append(' ');
                }
                joined.append(strArr[i]);
            }
            return joined.toString();
        }
        return "null";
    }

    /**
     * Replaces every character of a string with {@code '*'}, for printing secrets.
     *
     * <p>The result has the same length as the input, so the length of the secret is still
     * visible wherever the masked value is printed.
     *
     * @param str value to mask; may be {@code null}
     * @return a string of asterisks of the same length, or {@code null} if {@code str} is null
     */
    public static synchronized String mask(String str) {
        if (str == null) {
            return null;
        }
        final int length = str.length();
        final StringBuilder stars = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            stars.append('*');
        }
        return stars.toString();
    }

    /**
     * Removes the configuration stored under an alias. Listeners are not notified here.
     *
     * @param str alias to remove
     * @param sSLConfig not used: the entry is removed by alias, whatever object is stored
     * @throws Exception declared by the signature; not thrown directly in this body
     */
    public synchronized void removeSSLConfigFromMap(String str, SSLConfig sSLConfig) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "removeSSLConfigFromMap", str);
        }

        sslConfigMap.remove(str);

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "removeSSLConfigFromMap");
        }
    }

    /**
     * Stores a configuration under an alias, replacing any existing entry.
     *
     * <p>The configuration is validated only when {@link #validationEnabled()} returns true, and
     * that method returns false when its property is unset, so by default configurations are
     * stored unvalidated. With debug trace on, the configuration's {@code toString()} is logged.
     * NOTE(review): callers invoke this after decodePasswords(); confirm SSLConfig.toString()
     * masks passwords.
     *
     * @param str alias to store under
     * @param sSLConfig configuration to store
     * @throws Exception if validation is enabled and fails
     */
    public synchronized void addSSLConfigToMap(String str, SSLConfig sSLConfig) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLConfigToMap: alias=" + str, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            final String description = sSLConfig.toString();
            Tr.debug(tc, description, new Object[0]);
        }

        final boolean mustValidate = validationEnabled();
        if (mustValidate) {
            sSLConfig.validateSSLConfig();
        }
        sslConfigMap.put(str, sSLConfig);

        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "addSSLConfigToMap");
        }
    }

    /**
     * Describes every stored configuration as {@code alias===config} entries, written one after
     * another with no separator between entries.
     *
     * <p>NOTE(review): the text contains each SSLConfig's own {@code toString()}; anything that
     * logs the manager therefore logs whatever that method prints.
     *
     * @return the description, or a fixed message when no configuration is stored
     */
    public synchronized String toString() {
        if (this.sslConfigMap.size() > 0) {
            final StringBuilder text = new StringBuilder(128);
            text.append("SSLConfigManager configuration: \n");
            for (Map.Entry<String, SSLConfig> stored : this.sslConfigMap.entrySet()) {
                text.append(stored.getKey()).append("===").append(stored.getValue().toString());
            }
            return text.toString();
        }
        return "SSLConfigManager does not contain any SSL configurations.";
    }

    /**
     * Reports whether SSL configurations are validated before they are stored.
     *
     * @return {@code true} only if the global validation property is "true" or "yes" (any case);
     *         {@code false} when it is unset or has any other value
     */
    public synchronized boolean validationEnabled() {
        final String flag = getGlobalProperty(Constants.SSLPROP_VALIDATION_ENABLED);
        return flag != null && (flag.equalsIgnoreCase("true") || flag.equalsIgnoreCase("yes"));
    }

    /**
     * Applies the global URL hostname-verification setting.
     *
     * <p>Security-critical: unless the property is set to something other than "false" or the
     * {@code NO} constant, this installs a {@link HostnameVerifier} that accepts every host as the
     * default for {@link HttpsURLConnection}. That default is JVM-wide. Every
     * {@code HttpsURLConnection} that does not set its own verifier then accepts a certificate
     * issued for any host name, leaving those connections open to interception by anyone holding
     * a certificate the truststore accepts. An unset property also takes this path, so
     * verification is off by default.
     *
     * <p>NOTE(review): when the property asks for verification this method returns without
     * touching the verifier, so an accept-all verifier installed by an earlier call stays in
     * place until the JVM restarts. On a reload ({@code z == true}) the informational message is
     * also suppressed, so the downgrade leaves no log entry.
     *
     * @param z {@code true} on a reload; suppresses message CWPKI0027I
     */
    public synchronized void checkURLHostNameVerificationProperty(boolean z) {
        final String setting = getGlobalProperty(Constants.SSLPROP_URL_HOSTNAME_VERIFICATION);
        final boolean verificationRequested = setting != null
                && !setting.equalsIgnoreCase("false")
                && !setting.equalsIgnoreCase(org.apache.abdera.util.Constants.NO);
        if (verificationRequested) {
            return;
        }

        final HostnameVerifier acceptAnyHost = new HostnameVerifier() {
            @Override
            public boolean verify(String str, SSLSession sSLSession) {
                // No comparison of the host name with the certificate is made.
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(acceptAnyHost);

        if (!z) {
            Tr.info(tc, "ssl.disable.url.hostname.verification.CWPKI0027I", new Object[0]);
        }
    }

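    /**
     * Notifies every listener registered for an SSL configuration alias of a state change.
     *
     * <p>For each listener of the alias that has a registered event, the event is updated with the
     * new state and the alias's current {@code SSLConfig} and then passed to
     * {@code stateChanged}. When the state equals {@code Constants.CONFIG_STATE_DELETED}, each
     * notified listener's event is dropped afterwards and the alias's whole listener list is removed.
     *
     * <p>The state comparison is null-safe. Previously a {@code null} state threw a
     * {@code NullPointerException} after the first listener had already been notified, leaving the
     * remaining listeners un-notified; a {@code null} state is now simply treated as "not deleted".
     *
     * <p>Listener callbacks run while this manager's monitor is held. Iteration uses a snapshot
     * array, so changes to the listener list made during a callback do not affect this loop.
     *
     * @param str  alias of the SSL configuration that changed; {@code null} results in no notification
     * @param str2 new state to publish to the listeners
     */
    public synchronized void notifySSLConfigChangeListener(String str, String str2) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "notifySSLConfigChangeListener", str, str2);
        }
        List<SSLConfigChangeListener> registered = (str == null) ? null : this.sslConfigListenerMap.get(str);
        if (registered != null && !registered.isEmpty()) {
            // Constant on the left so a null state cannot abort notification half-way through.
            final boolean aliasDeleted = Constants.CONFIG_STATE_DELETED.equals(str2);
            SSLConfigChangeListener[] snapshot = registered.toArray(new SSLConfigChangeListener[registered.size()]);
            for (int i = 0; i < snapshot.length; i++) {
                SSLConfigChangeListener listener = snapshot[i];
                SSLConfigChangeEvent event = this.sslConfigListenerEventMap.get(listener);
                if (event == null) {
                    // Listener is in the alias list but has no event registered; nothing to deliver.
                    continue;
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Notifying listener[" + i + "]: " + listener.getClass().getName(), new Object[0]);
                }
                event.setState(str2);
                // Looked up per listener: an earlier callback may have changed the map.
                event.setChangedSSLConfig(this.sslConfigMap.get(str));
                listener.stateChanged(event);
                if (aliasDeleted) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Deregistering event for listener.", new Object[0]);
                    }
                    this.sslConfigListenerEventMap.remove(listener);
                }
            }
            if (aliasDeleted) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Deregistering all listeners for this alias due to alias deletion.", new Object[0]);
                }
                this.sslConfigListenerMap.remove(str);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "notifySSLConfigChangeListener");
        }
    }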

    /**
     * Registers a listener for changes to the SSL configuration named by the event's alias.
     *
     * <p>The listener is appended to the alias's listener list (created on first use) and the
     * listener-to-event association is stored, replacing any event previously stored for the same
     * listener.
     *
     * <p>NOTE(review): no duplicate check is made, and re-registering a listener under a different
     * alias leaves it in the earlier alias's list while its stored event points at the new alias —
     * confirm callers never do this.
     *
     * @param sSLConfigChangeListener listener to register
     * @param sSLConfigChangeEvent    event carrying the alias the listener is interested in; must not
     *                                be {@code null}, since its alias is read unconditionally
     */
    public synchronized void registerSSLConfigChangeListener(SSLConfigChangeListener sSLConfigChangeListener, SSLConfigChangeEvent sSLConfigChangeEvent) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "registerSSLConfigChangeListener", sSLConfigChangeListener, sSLConfigChangeEvent);
        }
        final String alias = sSLConfigChangeEvent.getAlias();
        List<SSLConfigChangeListener> aliasListeners = this.sslConfigListenerMap.get(alias);
        if (aliasListeners == null) {
            aliasListeners = new ArrayList<SSLConfigChangeListener>();
        }
        aliasListeners.add(sSLConfigChangeListener);
        // Stored back in both the new-list and existing-list case.
        this.sslConfigListenerMap.put(alias, aliasListeners);
        this.sslConfigListenerEventMap.put(sSLConfigChangeListener, sSLConfigChangeEvent);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "registerSSLConfigChangeListener");
        }
    }

    /**
     * Removes a previously registered SSL configuration change listener.
     *
     * <p>A {@code null} listener, or one with no stored event, is ignored. Otherwise the first
     * occurrence of the listener is removed from the listener list of its event's alias (if such a
     * list exists) and the listener-to-event association is dropped.
     *
     * @param sSLConfigChangeListener listener to remove; may be {@code null}
     */
    public synchronized void deregisterSSLConfigChangeListener(SSLConfigChangeListener sSLConfigChangeListener) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "deregisterSSLConfigChangeListener", sSLConfigChangeListener);
        }
        if (sSLConfigChangeListener != null) {
            final SSLConfigChangeEvent registeredEvent = this.sslConfigListenerEventMap.get(sSLConfigChangeListener);
            if (registeredEvent != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Removing listener: " + sSLConfigChangeListener.getClass().getName(), new Object[0]);
                }
                // The stored event is the only record of which alias list holds this listener.
                final List<SSLConfigChangeListener> aliasListeners = this.sslConfigListenerMap.get(registeredEvent.getAlias());
                if (aliasListeners != null) {
                    aliasListeners.remove(sSLConfigChangeListener);
                }
                this.sslConfigListenerEventMap.remove(sSLConfigChangeListener);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "deregisterSSLConfigChangeListener");
        }
    }

    /**
     * Returns the manager's server-process flag.
     *
     * @return the current value of the {@code isServerProcess} field
     */
    public synchronized boolean isServerProcess() {
        final boolean serverProcess = this.isServerProcess;
        return serverProcess;
    }

    /**
     * Reports whether client authentication is enabled.
     *
     * <p>This implementation consults no configuration: it emits entry/exit trace when enabled and
     * always answers {@code false}.
     *
     * @return always {@code false}
     */
    public synchronized boolean isClientAuthenticationEnabled() {
        final String method = "isClientAuthenticationEnabled";
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, method, new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, method, (Object) Boolean.FALSE);
        }
        return false;
    }
}
